RAS ID

6123

Comments

Originally published as: Swanson, I. (2008, March). Malware, Viruses and Log Visualisation. In Australian Digital Forensics Conference (p. 54).

Abstract

This paper looks at the current state of visualisation in relation mainly to malware collector logs, network logs and the possibility of visualising their payloads. We will show that this type of visualisation of activity on the network can help in the forensic investigation of the traffic, which may contain unwanted pieces of code, and may identify patterns within the traffic or payloads that help us determine the nature of the traffic visually. We further speculate on a framework that could fingerprint any type of malware, based on the theory that the basic structure of malware code does not change: it may mutate, but the internal structure stays the same. The malware would be passed through either a current log visualisation algorithm or a purpose-built piece of visual inspection software that outputs a 3D visual representation of the malware to screen, or whose output is further processed by a multipoint mapping utility similar to a fingerprint mapper, which would determine the base structure of the malware and categorise it. If we could fingerprint zero-day viruses by recognising them visually, we may then be able to detect and create an antidote to them much more quickly and efficiently than is currently done by most antivirus vendors.